From owner-freebsd-ports@freebsd.org Mon Oct 15 15:17:02 2018 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 428DE10DE308 for ; Mon, 15 Oct 2018 15:17:02 +0000 (UTC) (envelope-from peo@nethead.se) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id BEAF87814C for ; Mon, 15 Oct 2018 15:17:01 +0000 (UTC) (envelope-from peo@nethead.se) Received: by mailman.ysv.freebsd.org (Postfix) id 8055B10DE306; Mon, 15 Oct 2018 15:17:01 +0000 (UTC) Delivered-To: ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5E3C610DE305 for ; Mon, 15 Oct 2018 15:17:01 +0000 (UTC) (envelope-from peo@nethead.se) Received: from ns1.nethead.se (ns1.nethead.se [5.150.237.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "ns1.nethead.se", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DC42B7814B for ; Mon, 15 Oct 2018 15:17:00 +0000 (UTC) (envelope-from peo@nethead.se) X-Virus-Scanned: amavisd-new at Nethead AB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nethead.se; s=NETHEADSE; t=1539616613; bh=r0zNV9iaoCQutIn27YJLdiaEFovtakQpVxgUZcuw30k=; h=To:Cc:From:Subject:Date; b=u98JVzfrMQ791J0BZnuav303T+v0WdYi13fe1A6bKPqFJFhJxrG9IjfhJGB04ZuWH NKVI88iJ8O50PUDtTMb7zvlh3DARZEOFYs9Edgn6Wg89ErXTdbmcV+SCRDa0JQYWJv p1tvxnsM2VTerkZAxBCCmXcLPI0yPdWZWLk1vyOo= To: ports@freebsd.org Cc: dan.mcgregor@usask.ca From: Per olof Ljungmark Subject: sshguard - rc and blacklisting Openpgp: preference=signencrypt Autocrypt: addr=peo@nethead.se; prefer-encrypt=mutual; keydata= xsFNBFbrB5EBEADHiMFjO5RvZBFUaEtwATCbsWgYaUZC4fnjeznfnK9CFG1WdshLCJkN6XB5 cKPy2cX8vkRn+hfcqvOA6u/CVToBDL5Ztb0IQeg4y/6mAf+jhZMFboYZa/BYH5wpt5Yctx2e QW0J2KnyYBTBlszbza5oHg4SRA4rmGsVHOQpTnpdzlQUj4kgeZe85dsbRtew4Nmg9D1AOMzN 16pjtuvb4noi1aectcvhiIz2ploS3PaCNte+d4C0FMj/ARpf78tahWfXz1l4RC8Vh5P72A0o argnLkc/f0/z5yChsUQXJo1jpV9QWyqcUpEDucnOgKq63Digo9iwIpnBI0CIXr8OyZLxagBM MzeyqfBFo9AsRMztXXUnQWX7EDXCMZWEKRX2xrx7WnhE7ZejTBzwH4UclU7RNyoWPOlEv7qK cVrlEJsHWZf1SkbXq9evMGG4ft9XnHGM/Bg45f2wiSmw7J2bgWGyb2acWIwocHKpv/hkgieK NocTPHVAFuXL/Bu8NkH8VNwgKHu9iB2Bs3R3/jowU+Z7tqng+f9LeHFHxjjKWTK4zZLCxRfW EowJqVzttlTAXFWPStWNihwIyCl2Rc1V7goKdRvFQSoRUaQGEd0BOMMP2tcRMLQTe5CLlLKy W+Um1eefXf5tcQwxbuHAdb+BuFjbMt/QflYnUfdq1ivj5UMvpQARAQABzSNQZXIgb2xvZiBM anVuZ21hcmsgPHBlb0BuZXRoZWFkLnNlPsLBeQQTAQgAIwUCVusHkQIbLwYLCQgHAwIGFQgK CQsCBRYCAwEAAh4BAheAAAoJEFqmFcBAZ2uoWfQP/j00JMvW9hQ1e65eCJUYLQ3WmdY92/NT TihfRGw2cxwXNuZ3Ik7TvFfoYGx4UUuiUMMvYjHHcnUCLaNy7MoUtCPVPR4iYZAZHS0IQlg1 DtU6CgN/XcZ5jkjaF4HlkjlU5d7HW3nIzewetFm2HdjPeSwNjsjcLkna13NXgSx3eGmLIe6s 5IbSLbslb6EbfuLPgsQjsCpWRTy1lGsXfhQ4jzrZHSeFAk+n5QBITdAu97RdzjILWgBX1F6t 769qzOLuwtdn1cXG60wiNryHzHzLzZErst/zoFZaWINZ1jojCYQCa+hJPjr+UWI0eAKfrbSh k32HoXArI0apw6o8DXVH9qpUFvcmx6Tb36IRiTDxhG8QGJdXmi37oyC4zpPdYFSyh8cENE+m lpbYbTMA9ETJVQtz3qYl1fPjoqBJyVHxVfnKoYBIy4b6RPN0hrORh3RmS901cviuSLmNSe5/ WcVacwn+7idCSWEdFN6DW/ExTT1s3SLIRbDN2FscBASDQ61WF2rIJcDSH1nyFaNHbVeA4URf eUscB/4r+i0p3HWkvRRG/iurdcbmTTnQTgky6Kj5OWaEXPQFOaoOrx3GYipgvmDkVsUMwAQ3 t+uTnGjdPXfClCYsVZSQwui5wbqpuu6nNUVID437JqUOS6/P+y87khlFAvdpL52Orejx+7xE 2VHBzsFNBFbrB5EBEADD8+XYyEJhr/iIaK5ASHeLKAIEkN9ZZq7m4NkuCl32EHEZd5Fn//93 cxSAv8bg2Mp/WdSQ9nVjGMhLuRPCgyhygMzPbp2dDIYGhY7nFhD6I9w58KZ6KXH6FhC/AU8L riaWd7smMXk79+vWRIDdDHIx4Mf3xYbitPs5G6ujsfVSHwtcR9/P/J9byM90Bfxk9hrwA4LY WOxMP3ljiBcHaqjJ6IKYm1/O9Ab0L6E8Ud3cB1gLE9PMGHUgIkXerejsHhaOnGioFpY6xC9J OajR/WyiF2gpS5eJ6ZOh8UUiogAuNs0KIjLpgcRtqJbA+9ULWrKJqoN8VmdikaA5F+NoHVmJ uRwXwjWuUGnnsksof9lvn/sKkjeY+Knp9le61wGsKo6vp3qrVvocs/0p/8gKqf1cJDl+74hB 52/xN0rP02r72JEzQTDmPf82+kLj062L2th8BZSDyTv8oODFIRrMU2CLsalsQqh8qxVJfwLK uy6hA9sF0oV3a4xD7+Dt4hpRjINSKyC3PHuQ/VoRyAD3p7QeW2ooo7xGWyq6+xzS2vqkT2rp XyU1HM1mwJA8nJqPgnIJ80UbtLD1N1qYfmY/cBUuNEQB6MuVA8tgOZ7t7zdSYfILuKZtLJav mM9OxnhJihpm9m/mZCj9vzk58I/FpldVRgYJW+HOIF3Nb8jmGt0s1wARAQABwsN+BBgBCAAJ BQJW6weRAhsuAikJEFqmFcBAZ2uowV0gBBkBCAAGBQJW6weRAAoJEKVR/tmMfqiW1sMP/0nn mMgWy09CfC6yRBsMVCpmvt6+unxM++f6nGvsCKKJonsTguheREmQCbayvvt/rkqRikXrNcyq hfGlIJERR5vpu+aaJ23zSHVErno5V+HtYQgyai/tt4uURu9FNogPCGDxa5m3OXGKRSVVFSD0 lI2pO8AVZCsmbkdOMvMCrc5bgsxybsJKKQlF8n6Jfo3Fg6/0D/FstXz4dsqtAH89JaeuMfmT th30+IbsOdHzTPaRKRBeo1tCy7LhVnQl7xw2QoLyMrXhIGMcMszoI6A9gxvZwNWvdd8bDr5s w3NhnzyRjlIpRF+HyVgNCrd1IMs8U6H8fFxEX8OqKVLPkqzZQxxFcR3padydgR4/XjNiJasa l2N0QA55WNqSfgpthX9B1BuC8cKoMkr+/Hp9CEpT2GGKC7k5JXdZHtPaT/FAq4lqqh0ZWt8N dInYvVwLlEUDECzef/F2+wOcGTWPr4+d700SKVTbA76WOjPgrTihCMTfeVS1xXnjuCNCqz7y 117k3BT314G1afZtQeanV5oqs65BALVzFO/cvi14oYSB3qeXZiks/1TVBv4BjjFqxDXs4tjk 5UrA0Bni5BjpAWw+DpgoTxef5h1EcQUbnljw89T024Yt3BIPNEIJgZpsD3f/BsfywkRdZxRr g3LYPPIwC6EQK4t5i8nucfMLEEPvqtrBvDMP/RLaU+iIp4Fuugu6ans5DG8PL5l6IzMzIEh/ gOsu2EJ9wtszgASwTeC8+nYBQ/mkOJGBAepROdR4UmSpwL/yD3uhvtPcaPJwK5n+9xnDyHuq JvHXPq63mMxksgQLhDCIIA2rMSaHwsfTCkI4ZmnK5wIGFktagbJL1O2u9uHWTVV2qO4NnN1C DWItL513FEfxlsg4gSiiSpLujJQImIjqSpEvlI1kGRQAeUL0/Jh3e4OfedJvMB4fpgFzJsSB u6vgfCdqeOMQgH4I1GEUSA582aIWdsj8IoPgspJmWUQ0d8JNpGGhEJoCWxyHitOxvoQaxBSY jk92iVMtguYe9+sv8af7PUE3offwdSwncK9p6INhwMFXVAEpIPuLtM8EhKSgyYZ/zHP3Qvsm 1ZUwQUfD3P9vSf3Oo4yF/nZBkVDLpOlwjPKTG5bAkGlDJCQXzXMGaW1xQdOSOY+G7iZeWk4H 1csQCSBdZj3AMWejaUb5h9AuK06bUJCfx3+H/HTmYdnNsYDHmtzzSEM8MO5Bp+SqPsLXuDQu qsctjGW0+b+dg/VEMGOz042jd1p7jgcVLeO1hHEeh5ZYhtdviozIjZHuC6dfq/kAPQchy/iX rERGMxTOT8sKKQWzog0J7+U6iHs3ThXp0fc64+2VSVZZsMTfp9iaOLEIkx8OEl88SWPq2Dke Message-ID: Date: Mon, 15 Oct 2018 17:16:50 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Oct 2018 15:17:02 -0000 Hello, Either I am doing it wrong or sshguard is not properly implemented. 1. In the config file /usr/local/etc/sshguard.conf there is a parameter # Colon-separated blacklist threshold and full path to blacklist file. # (optional, no default) #BLACKLIST_FILE=120:/var/db/sshguard/blacklist.db however, the threshold setting does not seem to have any effect. If I change the setting in rc.d/sshguard, it does take effect. 2. Looking at /var/db/sshguard/blacklist.db, each row looks like 1539615075|220|4|143.0.65.92 There is another setting in the config, # Size of IPv4 subnet to block. Defaults to a single address, CIDR notation. (optional, default to 32) IPV4_SUBNET=32 I have tried to alter this setting to /24 and /29, auth.log says Blocking "143.0.65.92/29" forever but blacklist.db does not indiciate any different CDIR than /32. Any ideas?